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1.Which two statements about running a vulnerability scan are true? 
(Choose two.) 

A. You should run the vulnerability scan during a maintenance 
window. 

B. You should run the vulnerability scan in a test environment. 

C. Vulnerability scanning increases the load on FortiWeb, so it should 
be avoided. 

D. You should run the vulnerability scan on a live website to get 
accurate results. 

Answer: A, B 
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2.FortiWeb offers the same load balancing algorithms as FortiGate. 

Which two Layer 7 switch methods does FortiWeb also offer? (Choose two.) 
A. Round robin 

B. HTTP session-based round robin 

C. HTTP user-based round robin 

D. HTTP content routes 

Answer: A, D 
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3.Which would be a reason to implement HTTP rewriting? 
A. The original page has moved to a new URL 

B. To replace a vulnerable function in the requested URL 
C. To send the request to secure channel 

D. The original page has moved to a new IP address 
Answer: B 
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4.Which statement about local user accounts is true? 

A. They are best suited for large environments with many users. 
B. They cannot be used for site publishing. 

C. They must be assigned, regardless of any other authentication. 
D. They can be used for SSO. 

Answer: B 
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5. Which algorithm is used to build mathematical models for bot 
detection? 

A. HCM 

B. SVN 

C. SVM 

D. HMM 

Answer: C 
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6.What can an administrator do if a client has been incorrectly period 
blocked? 

A. Nothing, it is not possible to override a period block. 

B. Manually release the ID address from the temporary blacklist. 

C. Force a new IP address to the client. 

D. Disconnect the client from the network. 

Answer: B 
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7.When FortiWeb triggers a redirect action, which two HTTP codes 
does it send to the client to inform the browser of the new URL? 
(Choose two.) 

A. 403 

B. 302 

C. 301 

D. 404 

Answer: B, C 
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8.Which two statements about the anti-defacement feature on 
FortiWeb are true? (Choose two.) 

A. Anti-defacement can redirect users to a backup web server, if it 
detects a change. 

B. Anti-defacement downloads a copy of your website to RAM, in 
order to restore a clean image, if it detects defacement. 

C. FortiWeb will only check to see if there are changes on the web 
server; it will not download the whole file each time. 

D. Anti-defacement does not make a backup copy of your databases. 
Answer: C, D 
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9.What must you do with your FortiWeb logs to ensure 
PCI DSS compliance? 

A. Store in an off-site location 

B. Erase them every two weeks 

C. Enable masking of sensitive data 

D. Compress them into a .zip file format 

Answer: C 
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10.What role does FortiWeb play in ensuring PCI DSS compliance? 
A. It provides the ability to securely process cash transactions. 

B. It provides the required SQL server protection. 

C. It provides the WAF required by PCI. 

D. It provides credit card processing capabilities. 

Answer: C 


